[BusyBox-cvs] [BusyBox 0000261]: Unsafe empty env var export in ash

bugs at busybox.net bugs at busybox.net
Thu Jul 21 12:07:08 UTC 2005 

The following issue has been RESOLVED. 
====================================================================== 
http://busybox.net/bugs/view.php?id=261 
====================================================================== 
Reported By:                keithsmith
Assigned To:                BusyBox
====================================================================== 
Project:                    BusyBox
Issue ID:                   261
Category:                   Other
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     resolved
Resolution:                 fixed
Fixed in Version:           
====================================================================== 
Date Submitted:             05-18-2005 21:29 PDT
Last Modified:              07-21-2005 05:07 PDT
====================================================================== 
Summary:                    Unsafe empty env var export in ash
Description: 
As reported previously, awk segfaults when empty environment variables are
exported.

# export x=''
# awk
SIGSEGV

This prompted a bugfix in revision 9054:
http://busybox.net/cgi-bin/viewcvs.cgi?view=rev&rev=9054

However, the core problem lies with ash.  It maintains the environment as
an array of strings of the form 'name=value', but this format is not
respected by setvar() as invoked by the export builtin.  To demonstrate,
note the different results for x and y:

~ # env
USER=root
HOME=/
LOGNAME=root
TERM=vt102
PATH=/usr/sbin:/bin:/usr/bin:/sbin
SHELL=/bin/sh
PWD=/

# y=''
# export y
# env
USER=root
HOME=/
LOGNAME=root
TERM=vt102
PATH=/usr/sbin:/bin:/usr/bin:/sbin
SHELL=/bin/sh
y=
PWD=/

# export x=''
# env
USER=root
HOME=/
x
LOGNAME=root
TERM=vt102
PATH=/usr/sbin:/bin:/usr/bin:/sbin
SHELL=/bin/sh
y=
PWD=/


All entries in the environment should conform to the 'name=value'
convention, as any consumers of environment variables set by ash may be
susceptible to segfaults similarly to awk.

====================================================================== 

---------------------------------------------------------------------- 
 pgf - 07-20-05 12:18  
---------------------------------------------------------------------- 
Committed revision 10881. 

---------------------------------------------------------------------- 
 pgf - 07-21-05 05:06  
---------------------------------------------------------------------- 
patch in 10881 reverted, replaced with upstream fix from dash_0.5.2-6.diff.
 new svn rev is 10888 

---------------------------------------------------------------------- 
 pgf - 07-21-05 05:07  
---------------------------------------------------------------------- 
re-commited, 10888 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
05-18-05 21:29  keithsmith     New Issue                                    
05-18-05 21:29  keithsmith     File Added: ash-export-empty-envvars.patch       
            
05-18-05 21:31  keithsmith     Issue Monitored: keithsmith                    
07-20-05 12:18  pgf            Status                   assigned => resolved
07-20-05 12:18  pgf            Resolution               open => fixed       
07-20-05 12:18  pgf            Note Added: 0000324                          
07-21-05 05:06  pgf            Note Added: 0000335                          
07-21-05 05:06  pgf            Status                   resolved => assigned
07-21-05 05:07  pgf            Status                   assigned => resolved
07-21-05 05:07  pgf            Note Added: 0000336                          
======================================================================

More information about the busybox-cvs mailing list